Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion How do I prevent my app from breaking down when users tampering with the URL?
How do I prevent my app from breaking down when users tampering with the URL?
  • El Forum
    Guest
  •  
#1
12-06-2009, 07:07 AM

[eluser]Rupesh Pradhan[/eluser]
How do I prevent my app from breaking down when users tampering with the URL?

When the a previous view with the form called the function 'show_name_list' in the controller result given below (with the post data $class_name) it works fine.

http://localhost/PHPDev/codeigniter/inde..._name_list

Now, as soon as i add a slash or any thing after that and press enter, it gives me the errors given below.

For example, the trailing slash at the end of the url given below

http://localhost/PHPDev/codeigniter/inde...name_list/

---------------------------
A PHP Error was encountered

Severity: Notice

Message: Undefined variable: data

Filename: models/mrockvale.php

Line Number: 20
---------------------------

The post data $class_name is empty when recieved by the controller and thereafter the model which shows the error.

I was thinking that if such tampering occurs, i could notify the user that the url has been tampered and provide a link back to the index page. Is this idea ok?
  • El Forum
    Guest
  •  
#2
12-06-2009, 08:32 AM

[eluser]überfuzz[/eluser]
Welcome to the forum!

Save a session variable.
Code:
if($this->session->userdata('form_action'))
{
   //ok you're doing dandy
}
else
{
   $this->index();  //go back to the start!
}
  • El Forum
    Guest
  •  
#3
12-06-2009, 08:51 AM

[eluser]Rupesh Pradhan[/eluser]
Code:
function index()
{
    // index function
}


function show_name_list()
{
    // load helpers
    $this->load->helper('url');        
    $this->load->model('MRockvale','',TRUE);    
    $this->load->helper('form');    
            
    // extract post variables        
    $class_name=$this->input->xss_clean($this->input->post('class_name'));
    $exam_name_code=$this->input->xss_clean($this->input->post('exam_name_code'));

    // is this where i check if my URL has been tampered?
    if($this->session->userdata('form_action'))
    {
       //ok you're doing dandy
    }
    else
    {
       $this->index();  //go back to the start!
    }

}

FYI - I have been taking a crack at CodeIgniter for the past 2 days only. I need all the help I can get!
  • El Forum
    Guest
  •  
#4
12-06-2009, 09:07 AM

[eluser]überfuzz[/eluser]
Ok... I'm not 100% on what it is you doing. But it seems you're setting up a form with several steps. My advice was to store a session variable. If it's not set you direct the user back to the start. You might have to adjust it to make it work in your application. But the idea...

Code:
function index()
{
   //set up the form_validation stuff
   //display the view, you could call it form_start.php
   //set session variable
}

function next_step()
{
   if(!first step)
   {
      $this->index();
   }

}

Read about session, form_validation in the user_guide.
  • El Forum
    Guest
  •  
#5
12-06-2009, 09:25 AM

[eluser]Rupesh Pradhan[/eluser]
Ok.
Will try to use this as the starting point.
Thanks
  • El Forum
    Guest
  •  
#6
12-06-2009, 10:19 AM

[eluser]überfuzz[/eluser]
CI is not flawless, but it's good. If you use it in a sound way you'll quickly start loving it.

Feel free to ask questions as you go along setting up you site.




Theme © iAndrew 2016 - Forum software by © MyBB